CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
94.1%
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a “GET %n://localhost:80/” request.
Vendor | Product | Version | CPE |
---|---|---|---|
mbedthis_software | mbedthis_appweb_http_server | 2.0.5-4 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5-4:*:*:*:*:*:*:* |